Control: severity -1 important
Control: tags -1 - patch
Control: tags -1 + moreinfo
On 02.06.2013 21:47, Michael Gilbert wrote:
> Package: gcc-4.7
> Severity: serious
> Version: 4.7.0-1
> Tags: security, patch
>
> Hi,
> An integer overflow issue was discovered for gcc-4.7:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
>
> This is already fixed in gcc-4.8.
>
> These seem to be the two relevant patches that fix the problem:
> http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01416.html
> http://gcc.gnu.org/ml/gcc-patches/2012-06/msg01689.html
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2439
> http://security-tracker.debian.org/tracker/CVE-2002-2439
>
> Please adjust the affected versions in the BTS as needed.

This is #402694.

It is disappointing that the security team did become a management-only team. Note that this is an issue where even a member of the security team is involved upstream, doesn't comment, doesn't backport the patch upstream, doesn't do that much with this issue.

No, it can't be severity serious with this kind of attitude. So please backport this one first upstream, test it, then come back, then I'll pull it from the 4.7 branch.

Thanks, Matthias

--
To UNSUBSCRIBE, email to debian-gcc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51baeb79.6020...@debian.org